• Resolved eddyferns

    (@eddyferns)


    Hi,

    Which setting in the firewall can we use to prevent showing the username in the page source of a Post?

    Regards,

    Ed

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author nintechnet

    (@nintechnet)

    There’s no option for that purpose.
    You would likely need to remove calls to the get_author_posts_url function in your theme.
    I can see that the function has a filter ( https://core.trac.www.ads-software.com/browser/tags/6.5/src/wp-includes/author-template.php#L364 ) so I’ll check whether I can add it to NinjaFirewall.

    Thread Starter eddyferns

    (@eddyferns)

    Thank you for the response.

    There is an option for the said purpose in Ninja. Check the following option under “Firewall Policies”:

    Through the WordPress REST API *

    • This reply was modified 4 months, 3 weeks ago by eddyferns.
    Plugin Author nintechnet

    (@nintechnet)

    Does it work for your theme?
    It doesn’t work for mine, because it relies on the get_author_posts_url function. In the source, there’s a link with the username.
    That’s the problem with user enumeration: different themes can leak the user name using different methods.

    Thread Starter eddyferns

    (@eddyferns)

    Doing a test on the Twenty Twenty-Four theme. It works on this theme.

    After finalizing the theme for the site, one can plug the leak. I did that before. One can also get assistance from the theme’s support. Then, only at the time of a theme update does one have to verify on the development site for any leaks before updating the theme on production.

    Can’t Ninja prevent showing the username in the page source of a Post without disabling the WordPress REST API *? Because some themes and plugins require the API.

    • This reply was modified 4 months, 3 weeks ago by eddyferns.
    Plugin Author nintechnet

    (@nintechnet)

    Can you check in your theme which WordPress function is used to display the username in the source of the page?

    • This reply was modified 4 months, 3 weeks ago by nintechnet.
    Thread Starter eddyferns

    (@eddyferns)

    As mentioned, it’s the generic Twenty Twenty-Four theme; I am just doing a test on it. Other themes can call the author by another method that Ninja might know.

    I am now using custom code directly in WordPress that resolves all user enumeration issues. Will let Ninja do its firewall job.

    We can close this topic.

    Thanks for your responses.
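
The check discussed in the thread (confirming on a development site that a theme's page source carries no author link with the username), as an added example that is not code from the thread or from NinjaFirewall. It assumes WordPress's default `/author/<slug>/` author base; the sample HTML and the `dev.example.test` host are constructed.

```python
import re
from html.parser import HTMLParser

# Assumption: the site keeps WordPress's default author base, so links built by
# get_author_posts_url() look like /author/<slug>/ in the rendered page.
AUTHOR_PATH = re.compile(r"(?:^|/)author/([^/]+)")


class AuthorLinkFinder(HTMLParser):
    """Collects (tag, attribute, slug) for each href/src that points at an author archive."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                # Look only at the path part, ignoring query string and fragment.
                path = value.partition("#")[0].partition("?")[0]
                match = AUTHOR_PATH.search(path)
                if match:
                    self.hits.append((tag, name, match.group(1)))


def find_author_leaks(html):
    """Return the sorted, de-duplicated author slugs exposed in the page source."""
    finder = AuthorLinkFinder()
    finder.feed(html)
    return sorted({slug for _, _, slug in finder.hits})


# Constructed sample: a post as a theme might render it, then the same post
# after the author links have been removed from the templates.
BEFORE = """
<article>
  <h2><a href="https://dev.example.test/2024/05/hello-world/">Hello world</a></h2>
  <span class="byline">By <a href="https://dev.example.test/author/ed-admin/" rel="author">Ed</a></span>
  <link rel="alternate" type="application/rss+xml" href="/author/ed-admin/feed/">
</article>
"""
AFTER = BEFORE.replace("/author/ed-admin/feed/", "/feed/").replace(
    "https://dev.example.test/author/ed-admin/", "https://dev.example.test/"
)

if __name__ == "__main__":
    for label, page in (("before", BEFORE), ("after", AFTER)):
        leaks = find_author_leaks(page)
        print(f"{label}: {'LEAK ' + ', '.join(leaks) if leaks else 'no author links found'}")
```

Feeding it the saved source of a few representative pages (single post, archive, feed links in the head) from the development site before each theme update covers the cases where a theme calls the author by a different template path.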
